<?php
include_once 'dbconnect.php';
// Shared database handle; iraLogin::loginFormAction() picks it up via `global $sql`.
// NOTE(review): ownedsql is presumably declared in dbconnect.php — confirm.
$sql = new ownedsql();

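/**
 * Login page controller: renders the login form and processes its submission.
 *
 * Relies on the global $sql wrapper (connect(), query(), kill() and the
 * `query` result property) and on the legacy mysql_* functions.
 *
 * NOTE(review): ext/mysql was removed in PHP 7. Moving to prepared statements
 * (PDO or mysqli) is the durable fix for the string-built queries below; the
 * wrapper's API is not visible from this file, so escaping is kept here.
 */
class iraLogin
{
    /**
     * Prints the complete login page.
     *
     * The error row is included only while $_SESSION['loginError'] is truthy.
     *
     * @return void
     */
    public function showLoginForm()
    {
        // $_SESSION is a superglobal; it needs no `global` statement.
        $showError = isset($_SESSION['loginError']) && $_SESSION['loginError'] == true;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="hu" lang="hu">

<head>
	<meta http-equiv="content-type" content="text/html; charset=utf-8" />
	<meta name="author" content="Galicz Miklós" />
    <meta name="copyright" content="Copyright 2011" />
    <meta name="Designer" content="Galicz Miklós" />
    <meta name="title" content="Ideális Ingatlan Iroda Kft." />
    <meta name="google-site-verification" content="JNb_55ls12otJizW-WPMODQTZUzHvKrIsQOeVsvtT7A" />
    <link rel="stylesheet" type="text/css" href="css/reset.css" />
    <link rel="stylesheet" type="text/css" href="css/general.css" />
    <link rel="stylesheet" type="text/css" href="css/index.css" />
    <link rel="shortcut icon" type="image/x-icon" href="imgs/favicon.ico" />
	<title>IRA-MS/Bejelentkezés</title>
 </head>
 
 <body>
        <form method="post" action="">
            <fieldset>
                <legend>&nbsp;IRA-MS&nbsp;</legend>
                <table>
                    <tr>
                        <td>Felhasználó név: </td>
                        <td id="field"><input type="text" name="uname" /></td>
                    </tr>
                    <tr>
                        <td>Jelszó: </td>
                        <td id="field"><input type="password" name="pass" /></td>
                    </tr>
                    <?php
        if ($showError) {
?>
                    <tr>
                        <td id="errorRow" colspan="2"></td>
                    </tr>
                                <?php
        }
?>
                    <tr>
                        <td colspan="2">
                            <input type="hidden" name="tryCheck" value="1" />
                            <input type="submit" name="login" value="Küldés" />
                        </td>
                    </tr>
                </table>
            </fieldset>
        </form>
         </body>
 </html>
        <?php
    }

    /**
     * Trims a request value and strips markup from it, without SQL escaping.
     *
     * @param mixed $value Raw request value; non-scalars are treated as ''.
     * @return string
     */
    private function normalizeInput($value)
    {
        $value = is_scalar($value) ? (string) $value : '';
        // Undo magic-quote slashes only where that legacy setting is active;
        // ini_get() returns false on PHP versions that no longer have it.
        if (ini_get('magic_quotes_gpc')) {
            $value = stripslashes($value);
        }
        return strip_tags(trim($value));
    }

    /**
     * Compares two hash strings without type juggling.
     *
     * Loose `==` treats hex digests such as "0e12..." as numbers, so two
     * different digests can compare equal. hash_equals() is used when the
     * runtime provides it (constant-time); otherwise strict `===`.
     *
     * @param string $known Stored digest.
     * @param string $given Digest computed from the submitted password.
     * @return bool
     */
    private function hashesMatch($known, $given)
    {
        if (function_exists('hash_equals')) {
            return hash_equals((string) $known, (string) $given);
        }
        return (string) $known === (string) $given;
    }

    /**
     * Normalises a value and escapes it for use inside a quoted SQL literal.
     *
     * Escaping is the LAST step. The previous order ran stripslashes() after
     * mysql_real_escape_string(), which removed the escaping again and left
     * the value unsafe to embed in a query.
     *
     * @param mixed $variable Raw value.
     * @return string Escaped value for a single-quoted SQL string.
     */
    public function clean_var($variable)
    {
        return mysql_real_escape_string($this->normalizeInput($variable));
    }

    /**
     * Handles a login form submission.
     *
     * Looks the account up by user name, recomputes the salted digest from
     * that same row and compares it with the stored one. On success the
     * session is populated and the browser is redirected to overview.php;
     * otherwise the form is shown again with $_SESSION['loginError'] set.
     *
     * @return void
     */
    public function loginFormAction()
    {
        global $sql;

        $_SESSION['loginError'] = true;

        $userName = $this->normalizeInput(isset($_POST['uname']) ? $_POST['uname'] : '');
        $rawPass  = isset($_POST['pass']) && is_scalar($_POST['pass']) ? (string) $_POST['pass'] : '';
        // The password never enters a query, so it is not SQL-escaped. trim +
        // strip_tags mirrors what the old clean_var() left of ordinary input
        // before hashing. TODO confirm against the registration code.
        $pass = strip_tags(trim($rawPass));

        // Connect first: mysql_real_escape_string() needs an open link.
        // NOTE(review): assumes connect() opens the default mysql link — confirm.
        $sql->connect();
        $userSql = mysql_real_escape_string($userName);

        if ($userName !== '') {
            // One row carries everything: credential check and uid come from
            // the account that was named, not from whichever row happens to
            // hold a matching digest.
            $sql->query("SELECT uid, uName, spice, uPass FROM 3i_usernames WHERE uName='$userSql'");
            $result = $sql->query;

            if ($result && mysql_num_rows($result) == 1) {
                $account = mysql_fetch_array($result);

                if ($account['uName'] === $userName) {
                    $spice = $account['spice'];
                    // NOTE(review): salted SHA-1 is a fast hash. Moving to
                    // password_hash()/password_verify() needs a migration of
                    // the stored uPass values, which this file cannot do.
                    $salted = sha1($spice . sha1($pass . $spice) . $spice);

                    if ($this->hashesMatch($account['uPass'], $salted)) {
                        // New session id at the privilege change, so an id
                        // known before login is not carried into the
                        // authenticated session.
                        if (session_id() !== '') {
                            session_regenerate_id(true);
                        }

                        $_SESSION['userID'] = $account['uid'];
                        $_SESSION['userName'] = $userName;
                        // NOTE(review): password-derived value kept in the
                        // session; presumably read by other pages — confirm
                        // before removing.
                        $_SESSION['userPass'] = md5($salted);
                        $_SESSION['loginError'] = false;

                        // Path-only redirect: the Host request header is
                        // client-controlled and must not build the target,
                        // and the scheme is no longer forced to http.
                        // SCRIPT_NAME excludes client-supplied PATH_INFO.
                        $dir = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\');
                        header('Location: ' . $dir . '/overview.php');
                        // NOTE(review): execution continues after header();
                        // the calling script should stop once this returns.
                    }
                }
            }
        }

        // Comparison, not assignment: `= true` re-rendered the form and
        // re-set the error flag even after a successful login.
        if ($_SESSION['loginError'] === true) {
            $this->showLoginForm();
        }
        $sql->kill();
    }
}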
?>